Private keys not being detected by Trufflehog >=3.74.0 #2788

Closed
rmartinsanta opened this issue May 6, 2024 · 2 comments · Fixed by #2793

@rmartinsanta

Summary: Private keys are not being detected by Trufflehog >=3.74.0

Tested versions

3.74.0 and 3.75.0

To reproduce

  1. Use ssh-keygen to create a key pair in the current folder.
  2. Run trufflehog with the --no-update option, mounting the current folder inside the container, with the last three released versions. Example command:

     docker run -v "$(pwd):/tmp/test" trufflesecurity/trufflehog:3.74.0 --no-update filesystem /tmp/test

Expected behavior

The private key should be reported by Trufflehog

3.73.0

> docker run -v "$(pwd):/tmp/test" trufflesecurity/trufflehog:3.73.0 --no-update filesystem /tmp/test
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-05-06T09:38:05Z	info-0	trufflehog	running source	{"source_manager_worker_id": "x8yv9", "with_units": true}
Found unverified result 🐷🔑❓
Detector Type: PrivateKey
Decoder Type: PLAIN
Raw result: -----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBnwBJV1jWd9hGdr+aH0JCPt9vUch/qvaMO7rpW1Trh0wAAAKjqP4cT6j+H
EwAAAAtzc2gtZWQyNTUxOQAAACBnwBJV1jWd9hGdr+aH0JCPt9vUch/qvaMO7rpW1Trh0w
AAAEAyHmXk7Cy45fhrD971FzOZz2Xh/sILHVwlqymMnnacZ2fAElXWNZ32EZ2v5ofQkI+3
29RyH+q9ow7uulbVOuHTAAAAJHJtYXJ0aW5zYW50YUBSYXVscy1NYWNCb29rLVByby5sb2
NhbAE=
-----END OPENSSH PRIVATE KEY-----
File: /tmp/test/test

2024-05-06T09:38:06Z	info-0	trufflehog	finished scanning	{"chunks": 2, "bytes": 550, "verified_secrets": 0, "unverified_secrets": 1, "scan_duration": "794.893959ms"}

Actual Behavior

The private key is not reported by Trufflehog >=3.74.0, but works in previous versions.

3.74.0

> docker run -v "$(pwd):/tmp/test" trufflesecurity/trufflehog:3.74.0 --no-update filesystem /tmp/test
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-05-06T09:38:44Z	info-0	trufflehog	running source	{"source_manager_worker_id": "xZq7r", "with_units": true}
2024-05-06T09:38:45Z	info-0	trufflehog	finished scanning	{"chunks": 2, "bytes": 550, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "739.079667ms"}

3.75.0

> docker run -v "$(pwd):/tmp/test" trufflesecurity/trufflehog:3.75.0 --no-update filesystem /tmp/test
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-05-06T09:39:06Z	info-0	trufflehog	running source	{"source_manager_worker_id": "v8eRZ", "with_units": true}
2024-05-06T09:39:07Z	info-0	trufflehog	finished scanning	{"chunks": 2, "bytes": 550, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "736.647292ms", "trufflehog_version": "3.75.0"}

Environment

All environments seem affected.

Additional Context

After reviewing the changelog available at https://github.com/trufflesecurity/trufflehog/releases/tag/v3.74.0, I have not seen an obvious commit which provokes this bug. I can try to bisect it later if necessary. Trace logs are not provided for brevity, but can attach them too if requested.
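
The reproduction above can be turned into a canary check that fails when a scanner release stops reporting a planted test key. This is an added example, not part of the original issue or TruffleHog's own code; the function names (`count_secrets`, `canary_ok`, `scan_version`, `log_*`) are hypothetical, and the two sample lines are the summary lines from the 3.73.0 and 3.74.0 runs in the issue.

```shell
#!/bin/sh
# Added example (not TruffleHog project code): canary check for scanner regressions.

# count_secrets: read scanner output on stdin and print verified + unverified
# totals taken from the "finished scanning" summary line. Returns 2 if that
# line or its counters are missing (scan did not complete or format changed).
count_secrets() {
    line=$(grep 'finished scanning' | tail -n 1)
    [ -n "$line" ] || return 2
    v=$(printf '%s\n' "$line" | sed -n 's/.*"verified_secrets": *\([0-9][0-9]*\).*/\1/p')
    u=$(printf '%s\n' "$line" | sed -n 's/.*"unverified_secrets": *\([0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] && [ -n "$u" ] || return 2
    echo $((v + u))
}

# canary_ok MIN: 0 = at least MIN results reported, 1 = scan completed but the
# planted canary was missed, 2 = no usable summary line.
canary_ok() {
    found=$(count_secrets) || return 2
    [ "$found" -ge "$1" ] || return 1
}

# scan_version TAG DIR: the issue's reproduction command for one image tag.
# 2>&1 captures the summary line whichever stream carries it.
scan_version() {
    docker run -v "$2:/tmp/test" "trufflesecurity/trufflehog:$1" --no-update filesystem /tmp/test 2>&1
}

# Summary lines copied from the 3.73.0 and 3.74.0 runs in the issue.
log_3_73_0() {
    printf '%s\n' '2024-05-06T09:38:06Z info-0 trufflehog finished scanning {"chunks": 2, "bytes": 550, "verified_secrets": 0, "unverified_secrets": 1, "scan_duration": "794.893959ms"}'
}
log_3_74_0() {
    printf '%s\n' '2024-05-06T09:38:45Z info-0 trufflehog finished scanning {"chunks": 2, "bytes": 550, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "739.079667ms"}'
}

# Offline demonstration; for a live check use: scan_version 3.75.0 "$(pwd)" | canary_ok 1
for v in 3_73_0 3_74_0; do
    if "log_$v" | canary_ok 1; then
        echo "$v: canary key detected"
    else
        echo "$v: canary key MISSED (rc=$?)"
    fi
done
```

Return code 2 is kept separate from 1 so that a scan that never finished is not mistaken for a clean result.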

@shreyas-sriram
Contributor

Facing the same issue - SSH Private Keys are not detected.

Did some digging and I am pretty sure the bug came from here - https://github.com/trufflesecurity/trufflehog/pull/2743/files#diff-319d7bc8127f20b721213459b3b0708f7e71d221072f05bb4b93a1db3eeec543R54-R56.

@rosecodym
Collaborator

@shreyas-sriram - I think that commit wasn't introduced until 3.75.0, but this report says the bug surfaced in 3.74.0. Could it have been #2643?

@ahrav linked a pull request May 6, 2024 that will close this issue